Tag: MikroTik

Change MikroTik RouterOS queue type

Create a new queue type

/queue type add name=fq-codel-ethernet-default kind=fq-codel fq-codel-ecn=no

Change the queue type of all wired interfaces

/queue interface set [find default-queue=only-hardware-queue] queue=fq-codel-ethernet-default

Verify the queue type was changed

/queue/interface/print where default-queue=only-hardware-queue

Wireless interfaces defaults to wireless-default and virtual interfaces defaults to `no-queue. These interface queues can be confirmed with.

/queue/interface/print where default-queue!=only-hardware-queue

Sources: [1]

EVPN Learning Ressources – WIP

Table of Contents

RFC’s

Drafts

YouTube

Playlists

Routing Daemons

Linux Hypervisors

Commercial Vendors

Blog Posts

Side notes

VXLAN Packet

PBB Packet Format

RouterOS Script: Check Google Global Cache Cluster

Open the built-in editor

/system/script/edit value-name=source check-ggc-cluster

Paste the script content

:global currentGGCcluster;

:local result;
:local data;
:local newGGCcluster;

:set result [/tool/fetch output=user url="https://redirector.googlevideo.com/report_mapping?di=no" as-value ascii=yes];
:set data [:tostr [:pick $result [:find $result "="] [:find $result ";"]]];
:set newGGCcluster [:tostr [:pick $data ([:find $data ">"] + 2) [:len $data]]];

:if ($newGGCcluster != $currentGGCcluster) do={
    :put "SP GGC Cluster $currentGGCcluster changed to $newGGCcluster";
    :set currentGGCcluster $newGGCcluster;
    /log info "SP GGC Cluster $currentGGCcluster changed to $newGGCcluster";
}

Add the scheduler (policy not restricted, probably should be)

/system/scheduler/add interval=1d name=check-ggc-cluster on-event="/system/script/run check-ggc-cluster;" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-time=startup

Check variable contents

/system/script/environment/print detail where name=currentGGCcluster

How-to VPN: Private Internet Access (PIA) and MikroTik Router

⚠ Information in this post is outdated since the launch of PIA’s ‘Next-Gen’ VPN network in 2020, sunsetting the then-existing set-up

First create a vpn profile to use when creating l2tp/pptp connections
to privateinternetaccess.

/ppp profile add change-tcp-mss=yes \
comment="PIA VPN" \
dns-server=209.222.18.222,209.222.18.218 \
name=privateinternetaccess only-one=no \
use-compression=no use-encryption=required \
use-ipv6=no use-mpls=no use-upnp=no

Create the l2tp interface

/interface l2tp-client add \
comment="PIA VPN Netherlands" \
connect-to=nl.privateinternetaccess.com \
disabled=no name=pia-de-l2tp \
profile=privateinternetaccess \
user=[l2tp-username] \
password=[l2tp-password]
  • [l2tp-username] Your PIA username for l2tp/pptp/socks connections beginning with ‘x’ (not ‘p’!)
  • [l2tp-password] Your PIA password for l2tp/pptp/socks connections

Create a firewall mangle rule to mark IPv4 traffic we want to
go through the VPN.

/ip firewall mangle add \
action=mark-routing \
chain=prerouting \
comment="PIA VPN Netherlands" \
new-routing-mark="PPTP RM" \
passthrough=yes \
src-address=[ip-range-to-forward-through-vpn]
    • <li

[ip-range-to-forward-through-vpn]

    Fx. 192.168.1.0/24 or 192.168.1.2-192.168.1.254

Create the NAT rule and tell it to use the VPN interface.

/ip firewall nat add \
action=masquerade chain=srcnat \
comment="PIA VPN Netherlands" \
out-interface=pia-de-l2tp

Create a corresponding default route to match the previous NAT
rule. Which only get used when IPv4 traffic has been marked with
‘PPTP RM’.

/ip route add \
comment="PIA VPN Netherlands" \
disabled=yes distance=1 \
gateway=pia-de-l2tp routing-mark="PPTP RM"

Now you should see traffic from clients in the IPv4 range
of [ip-range-to-forward-through-vpn] go through the VPN.

NB: If you want to use another country apart from Netherlands. Check out Private Internet Access list of locations here: PIA VPN Tunnel Network

10 gigabit inter-VLAN with a Mikrotik RB4011 – blog.kroy.io

Something I see pop up fairly regularly on a few of the forums, Discords, and subreddits that I hang out on is that the RB4011 is not capable of 10 gigabit routing

Guess what?

THAT’S WRONG

I’d be lying if I said that this xkcd wasn’t me sometimes:

https://xkcd.com/386/

Of course, whenever this pops up I’m not in a position to demonstrate the proof. It definitely can go almost full 10Gb.

But you say, it’s only got a single SFP+ port!

That’s what full-duplex is for!

I’ve got a number of these devices and have tested them extensively. The RB4011 is definitely capable of 10 gigabit routing, in a router-on-a-stick fashion.

 

Continue reading